
How to get CRL IP address during TLS handshake in air gap environment


Is there any way to get the IP address of the CRL server during the TLS handshake in an air-gapped environment?

Example:

  • Do a simple curl request over HTTPS against app.contoso.com:

curl -v https://app.contoso.com, which is listening on 20.20.10.1 and is whitelisted. But to allow communication by default we also need to whitelist the CRL (for example GoDaddy's).

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 20.20.10.1...
* TCP_NODELAY set
* Connected to app.contoso.com (20.20.10.1) port 443 (#0)
* schannel: SSL/TLS connection with app.contoso.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 180 bytes...
* schannel: sent initial handshake data: sent 180 bytes
* schannel: SSL/TLS connection with app.contoso.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with app.contoso.com port 443 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 4026
* schannel: encrypted data buffer: offset 4026 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with app.contoso.com port 443 (step 2/3)
* schannel: encrypted data got 934
* schannel: encrypted data buffer: offset 4960 length 5050
* schannel: sending next handshake data: sending 126 bytes...

  0     0    0     0    0     0      0      0 --:--:--  0:01:45 --:--:--     0* schannel: SSL/TLS connection with app.contoso.com port 443 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed

  0     0    0     0    0     0      0      0 --:--:--  0:01:45 --:--:--     0
* Closing connection 0
* schannel: shutting down SSL/TLS connection with app.contoso.com port 443
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
Process exited with code 35

From the request I can see 20.20.10.1, but I can't see the IP address of the CRL to which a connection is being attempted:

* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 180 bytes...

Any tips on how to get the IP address of the CRL server during the request? Is it possible via curl or a different tool? I would like to avoid low-level tools like Wireshark if possible. Thanks.

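One way to find those hosts without Wireshark, as an added example that is not from the original post: the URLs curl/schannel contacts during "checking server certificate revocation" are written into the certificates themselves, in the CRL Distribution Points and Authority Information Access (OCSP, CA Issuers) extensions of the leaf and every intermediate, so reading the chain with OpenSSL gives the hostnames to resolve and allow-list. The script below is a POSIX shell example assuming OpenSSL 1.1.1 or newer; the self-signed demo certificates and the example.net endpoints are constructed for illustration and are not real CA URLs.

```shell
#!/bin/sh
# List the CRL and OCSP endpoints a TLS client will contact when it checks
# revocation for a certificate chain, so the hosts can be resolved and
# allow-listed in an air-gapped network. Requires OpenSSL 1.1.1+ (for -addext).
# The demo certificates and example.net endpoints below are constructed for
# illustration; they are not real CA URLs.

# revocation_urls CHAIN.pem: one URL per line, taken from every certificate in
# the file (crlDistributionPoints plus the OCSP and CA Issuers entries of
# authorityInfoAccess). These are the hosts schannel/curl reach out to.
revocation_urls() {
    openssl crl2pkcs7 -nocrl -certfile "$1" \
      | openssl pkcs7 -print_certs -noout -text \
      | grep -E 'URI:' \
      | sed -E 's/.*URI://' \
      | sort -u
}

# revocation_hosts CHAIN.pem: bare hostnames, ready for DNS lookup or a firewall rule.
revocation_hosts() {
    revocation_urls "$1" | sed -E 's#^[a-z]+://([^/:]+).*#\1#' | sort -u
}

# resolve_revocation_hosts CHAIN.pem: resolve each host (Linux getent; needs DNS).
resolve_revocation_hosts() {
    revocation_hosts "$1" | while read -r h; do getent hosts "$h" || echo "$h unresolved"; done
}

# make_demo_cert OUT.pem CN CRL_URL OCSP_URL: throwaway self-signed certificate
# carrying the two revocation extensions, standing in for a real leaf or intermediate.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1" \
      -addext "crlDistributionPoints=URI:$3" \
      -addext "authorityInfoAccess=OCSP;URI:$4" >/dev/null 2>&1
}

# Demo on a constructed two-certificate chain. Against a live server, capture the chain with
#   openssl s_client -connect app.contoso.com:443 -showcerts </dev/null > chain.pem
demo() {
    d=$(mktemp -d)
    make_demo_cert "$d/leaf.pem" app.contoso.com http://crl.example.net/leaf.crl http://ocsp.example.net
    make_demo_cert "$d/ca.pem" "Example Issuing CA" http://crl.example.net/ca.crl http://ocsp.example.net
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/chain.pem"
    revocation_hosts "$d/chain.pem"
    rm -rf "$d"
}
demo
```

The hostnames printed by `revocation_hosts` are the ones to resolve and allow-list; note that CA CRL hosts are often served from a CDN, so their IPs can change and a hostname-based rule is more robust than a fixed address.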

